Add to collection(s) Add to saved
  1. Business
  2. Accounting

500 Audit Evidence - Financial Reporting Council

advertisement 
INTERNATIONAL STANDARD ON AUDITING
(UK AND IRELAND) 500
AUDIT EVIDENCE
CONTENTS
Paragraph
Introduction............................................................................................
1-2
Concept of Audit Evidence....................................................................
3-6
Sufficient Appropriate Audit Evidence .................................................
7 - 14
The Use of Assertions in Obtaining Audit Evidence .............................
15 - 18
Audit Procedures for Obtaining Audit Evidence ..................................
19 - 38
Inspection of Records or Documents..........................................
26 - 27
Inspection of Tangible Assets.....................................................
28
Observation ...............................................................................
29
Inquiry ........................................................................................
30 - 34
Confirmation ..............................................................................
35
Recalculation .............................................................................
36
Reperformance ...........................................................................
37
Analytical Procedures.................................................................
38
Effective Date ........................................................................................
39
International Standard on Auditing (UK and Ireland) (ISA (UK and Ireland))
500 “Audit Evidence” should be read in the context of the Auditing Practices
Board’s Statement “The Auditing Practices Board - Scope and Authority of
Pronouncements (Revised)” which sets out the application and authority of
ISAs (UK and Ireland).
1
ISA (UK and Ireland) 500
Introduction
1.
The purpose of this International Standard on Auditing (UK and Ireland)
(ISA (UK and Ireland)) is to establish standards and provide guidance on
what constitutes audit evidence in an audit of financial statements, the
quantity and quality of audit evidence to be obtained, and the audit
procedures that auditors use for obtaining that audit evidence.
1-1.
This ISA (UK and Ireland) uses the terms ‘those charged with governance’
and ‘management’. The term ‘governance’ describes the role of persons
entrusted with the supervision, control and direction of an entity.
Ordinarily, those charged with governance are accountable for ensuring that
the entity achieves its objectives, and for the quality of its financial
reporting and reporting to interested parties. Those charged with
governance include management only when they perform such functions.
1-2.
In the UK and Ireland, those charged with governance include the directors
(executive and non-executive) of a company or other body, the members of
an audit committee where one exists, the partners, proprietors, committee of
management or trustees of other forms of entity, or equivalent persons
responsible for directing the entity’s affairs and preparing its financial
statements.
1-3.
‘Management’ comprises those persons who perform senior managerial
functions.
1-4.
In the UK and Ireland, depending on the nature and circumstances of the
entity, management may include some or all of those charged with
governance (e.g. executive directors). Management will not normally
include non-executive directors.
2.
The auditor should obtain sufficient appropriate audit evidence to be
able to draw reasonable conclusions on which to base the audit opinion.
Concept of Audit Evidence
3.
1
2
“Audit evidence” is all the information used by the auditor in arriving at the
conclusions on which the audit opinion is based, and includes the
information contained in the accounting records underlying the financial
statements and other information. Auditors are not expected to address all
information that may exist.1 Audit evidence, which is cumulative in nature,
See paragraph 14.
ISA (UK and Ireland) 500
includes audit evidence obtained from audit procedures performed during
the course of the audit and may include audit evidence obtained from other
sources such as previous audits and a firm’s quality control procedures for
client acceptance and continuance.
1a
4.
Accounting records generally include the records of initial entries and
supporting records, such as checks and records of electronic fund transfers;
invoices; contracts; the general and subsidiary ledgers, journal entries and
other adjustments to the financial statements that are not reflected in formal
journal entries; and records such as work sheets and spreadsheets
supporting cost allocations, computations, reconciliations and disclosures.
The entries in the accounting records are often initiated, recorded,
processed and reported in electronic form. In addition, the accounting
records may be part of integrated systems that share data and support all
aspects of the entity’s financial reporting, operations and compliance
objectives.
5.
Management1a is responsible for the preparation of the financial statements
based upon the accounting records of the entity. The auditor obtains some
audit evidence by testing the accounting records, for example, through
analysis and review, reperforming procedures followed in the financial
reporting process, and reconciling related types and applications of the
same information. Through the performance of such audit procedures, the
auditor may determine that the accounting records are internally consistent
and agree to the financial statements. However, because accounting records
alone do not provide sufficient audit evidence on which to base an audit
opinion on the financial statements, the auditor obtains other audit
evidence.
6.
Other information that the auditor may use as audit evidence includes
minutes of meetings; confirmations from third parties; analysts’ reports;
comparable data about competitors (benchmarking); controls manuals;
information obtained by the auditor from such audit procedures as inquiry,
observation, and inspection; and other information developed by, or
available to, the auditor that permits the auditor to reach conclusions
through valid reasoning.
In the UK and Ireland, the auditor obtains written representations from those charged with governance.
3
ISA (UK and Ireland) 500
Sufficient Appropriate Audit Evidence
7.
Sufficiency is the measure of the quantity of audit evidence.
Appropriateness is the measure of the quality of audit evidence; that is, its
relevance and its reliability in providing support for, or detecting
misstatements in, the classes of transactions, account balances, and
disclosures and related assertions. The quantity of audit evidence needed is
affected by the risk of misstatement (the greater the risk, the more audit
evidence is likely to be required) and also by the quality of such audit
evidence (the higher the quality, the less may be required). Accordingly, the
sufficiency and appropriateness of audit evidence are interrelated. However,
merely obtaining more audit evidence may not compensate for its poor
quality.
8.
A given set of audit procedures may provide audit evidence that is relevant
to certain assertions, but not others. For example, inspection of records and
documents related to the collection of receivables after the period end may
provide audit evidence regarding both existence and valuation, although not
necessarily the appropriateness of period-end cutoffs. On the other hand,
the auditor often obtains audit evidence from different sources or of a
different nature that is relevant to the same assertion. For example, the
auditor may analyze the aging of accounts receivable and the subsequent
collection of receivables to obtain audit evidence relating to the valuation of
the allowance for doubtful accounts. Furthermore, obtaining audit evidence
relating to a particular assertion, for example, the physical existence of
inventory, is not a substitute for obtaining audit evidence regarding another
assertion, for example, the valuation of inventory.
9.
The reliability of audit evidence is influenced by its source and by its nature
and is dependent on the individual circumstances under which it is
obtained. Generalizations about the reliability of various kinds of audit
evidence can be made; however, such generalizations are subject to
important exceptions. Even when audit evidence is obtained from sources
external to the entity, circumstances may exist that could affect the
reliability of the information obtained. For example, audit evidence
obtained from an independent external source may not be reliable if the
source is not knowledgeable. While recognizing that exceptions may exist,
the following generalizations about the reliability of audit evidence may be
useful:
y
4
Audit evidence is more reliable when it is obtained from independent
sources outside the entity.
ISA (UK and Ireland) 500
y
Audit evidence that is generated internally is more reliable when the
related controls imposed by the entity are effective.
y
Audit evidence obtained directly by the auditor (for example,
observation of the application of a control) is more reliable than audit
evidence obtained indirectly or by inference (for example, inquiry
about the application of a control).
y
Audit evidence is more reliable when it exists in documentary form,
whether paper, electronic, or other medium (for example, a
contemporaneously written record of a meeting is more reliable than
a subsequent oral representation of the matters discussed).
y
Audit evidence provided by original documents is more reliable than
audit evidence provided by photocopies or facsimiles.
10.
An audit rarely involves the authentication of documentation, nor is the
auditor trained as or expected to be an expert in such authentication.
However, the auditor considers the reliability of the information to be used
as audit evidence, for example, photocopies, facsimiles, filmed, digitized or
other electronic documents, including consideration of controls over their
preparation and maintenance where relevant.
11.
When information produced by the entity is used by the auditor to
perform audit procedures, the auditor should obtain audit evidence
about the accuracy and completeness of the information. In order for the
auditor to obtain reliable audit evidence, the information upon which the
audit procedures are based needs to be sufficiently complete and accurate.
For example, in auditing revenue by applying standard prices to records of
sales volume, the auditor considers the accuracy of the price information
and the completeness and accuracy of the sales volume data. Obtaining
audit evidence about the completeness and accuracy of the information
produced by the entity’s information system may be performed concurrently
with the actual audit procedure applied to the information when obtaining
such audit evidence is an integral part of the audit procedure itself. In other
situations, the auditor may have obtained audit evidence of the accuracy
and completeness of such information by testing controls over the
production and maintenance of the information. However, in some
situations the auditor may determine that additional audit procedures are
needed. For example, these additional procedures may include using
computer-assisted audit techniques (CAATs) to recalculate the information.
5
ISA (UK and Ireland) 500
12.
The auditor ordinarily obtains more assurance from consistent audit
evidence obtained from different sources or of a different nature than from
items of audit evidence considered individually. In addition, obtaining audit
evidence from different sources or of a different nature may indicate that an
individual item of audit evidence is not reliable. For example, corroborating
information obtained from a source independent of the entity may increase
the assurance the auditor obtains from a management1a representation.
Conversely, when audit evidence obtained from one source is inconsistent
with that obtained from another, the auditor determines what additional
audit procedures are necessary to resolve the inconsistency.
13.
The auditor considers the relationship between the cost of obtaining audit
evidence and the usefulness of the information obtained. However, the
matter of difficulty or expense involved is not in itself a valid basis for
omitting an audit procedure for which there is no alternative.
14.
In forming the audit opinion the auditor does not examine all the
information available because conclusions ordinarily can be reached by
using sampling approaches and other means of selecting items for testing.
Also, the auditor ordinarily finds it necessary to rely on audit evidence that
is persuasive rather than conclusive; however, to obtain reasonable
assurance,2 the auditor is not satisfied with audit evidence that is less than
persuasive. The auditor uses professional judgment and exercises
professional skepticism in evaluating the quantity and quality of audit
evidence, and thus its sufficiency and appropriateness, to support the audit
opinion.
The Use of Assertions in Obtaining Audit Evidence
15.
Management3 is responsible for the fair presentation of financial statements
that reflect the nature and operations of the entity. In representing that the
financial statements give a true and fair view (or are presented fairly, in all
material respects) in accordance with the applicable financial reporting
framework, management implicitly or explicitly makes assertions regarding
the recognition, measurement, presentation and disclosure of the various
elements of financial statements and related disclosures.
2
Paragraphs 8-12 of ISA (UK and Ireland) 200, “Objective and General Principles Governing an Audit
of Financial Statements,” provide discussion of reasonable assurance as it relates to an audit of
financial statements.
3
In the UK and Ireland, those charged with governance are responsible for the preparation of the
financial statements.
6
ISA (UK and Ireland) 500
16.
The auditor should use assertions for classes of transactions, account
balances, and presentation and disclosures in sufficient detail to form a
basis for the assessment of risks of material misstatement and the
design and performance of further audit procedures. The auditor uses
assertions in assessing risks by considering the different types of potential
misstatements that may occur, and thereby designing audit procedures that
are responsive to the assessed risks. Other ISAs (UK and Ireland) discuss
specific situations where the auditor is required to obtain audit evidence at
the assertion level.
17.
1Assertions used by the auditor fall into the following categories:
(a)
Assertions about classes of transactions and events for the period
under audit:
(i)
Occurrence—transactions and events that have been recorded
have occurred and pertain to the entity.
(ii)
Completeness—all transactions and events that should have
been recorded have been recorded.
(iii) Accuracy—amounts and other data relating to recorded
transactions and events have been recorded appropriately.
(iv) Cutoff—transactions and events have been recorded in the
correct accounting period.
(v)
(b)
Classification—transactions and events have been recorded in
the proper accounts.
Assertions about account balances at the period end:
(i)
Existence—assets, liabilities, and equity interests exist.
(ii)
Rights and obligations—the entity holds or controls the
rights to assets, and liabilities are the obligations of the entity.
(iii) Completeness—all assets, liabilities and equity interests that
should have been recorded have been recorded.
(iv) Valuation and allocation —assets, liabilities, and equity
interests are included in the financial statements at appropriate
amounts and any resulting valuation or allocation adjustments
are appropriately recorded.
(c)
Assertions about presentation and disclosure:
7
ISA (UK and Ireland) 500
(i)
Occurrence and rights and obligations—disclosed events,
transactions, and other matters have occurred and pertain to the
entity.
(ii)
Completeness—all disclosures that should have been included
in the financial statements have been included.
(iii) Classification and understandability—financial information is
appropriately presented and described, and disclosures are
clearly expressed.
(iv) Accuracy and valuation—financial and other information are
disclosed fairly and at appropriate amounts.
18.
The auditor may use the assertions as described above or may express them
differently provided all aspects described above have been covered. For
example, the auditor may choose to combine the assertions about
transactions and events with the assertions about account balances. As
another example, there may not be a separate assertion related to cutoff of
transactions and events when the occurrence and completeness assertions
include appropriate consideration of recording transactions in the correct
accounting period.
Audit Procedures for Obtaining Audit Evidence
19.
8
The auditor obtains audit evidence to draw reasonable conclusions on
which to base the audit opinion by performing audit procedures to:
(a)
Obtain an understanding of the entity and its environment, including
its internal control, to assess the risks of material misstatement at the
financial statement and assertion levels (audit procedures performed
for this purpose are referred to in the ISAs (UK and Ireland) as “risk
assessment procedures”);
(b)
When necessary or when the auditor has determined to do so, test the
operating effectiveness of controls in preventing, or detecting and
correcting, material misstatements at the assertion level (audit
procedures performed for this purpose are referred to in the ISAs (UK
and Ireland) as “tests of controls”); and
(c)
Detect material misstatements at the assertion level (audit procedures
performed for this purpose are referred to in the ISAs (UK and
Ireland) as “substantive procedures” and include tests of details of
classes of transactions, account balances, and disclosures and
ISA (UK and Ireland) 500
substantive analytical procedures).
20.
The auditor always performs risk assessment procedures to provide a
satisfactory basis for the assessment of risks at the financial statement and
assertion levels. Risk assessment procedures by themselves do not provide
sufficient appropriate audit evidence on which to base the audit opinion,
however, and are supplemented by further audit procedures in the form of
tests of controls, when necessary, and substantive procedures.
21.
Tests of controls are necessary in two circumstances. When the auditor’s
risk assessment includes an expectation of the operating effectiveness of
controls, the auditor is required to test those controls to support the risk
assessment. In addition, when substantive procedures alone do not provide
sufficient appropriate audit evidence, the auditor is required to perform tests
of controls to obtain audit evidence about their operating effectiveness.
22.
The auditor plans and performs substantive procedures to be responsive to
the related assessment of the risks of material misstatement, which includes
the results of tests of controls, if any. The auditor’s risk assessment is
judgmental, however, and may not be sufficiently precise to identify all
risks of material misstatement. Further, there are inherent limitations to
internal control, including the risk of management override, the possibility
of human error and the effect of systems changes. Therefore, substantive
procedures for material classes of transactions, account balances, and
disclosures are always required to obtain sufficient appropriate audit
evidence.
23.
The auditor uses one or more types of audit procedures described in
paragraphs 26-38 below. These audit procedures, or combinations thereof,
may be used as risk assessment procedures, tests of controls or substantive
procedures, depending on the context in which they are applied by the
auditor. In certain circumstances, audit evidence obtained from previous
audits may provide audit evidence where the auditor performs audit
procedures to establish its continuing relevance.
24.
The nature and timing of the audit procedures to be used may be affected by
the fact that some of the accounting data and other information may be
available only in electronic form or only at certain points or periods in time.
Source documents, such as purchase orders, bills of lading, invoices, and
checks, may be replaced with electronic messages. For example, entities
may use electronic commerce or image processing systems. In electronic
commerce, the entity and its customers or suppliers use connected
computers over a public network, such as the Internet, to transact business
9
ISA (UK and Ireland) 500
electronically. Purchase, shipping, billing, cash receipt, and cash
disbursement transactions are often consummated entirely by the exchange
of electronic messages between the parties. In image processing systems,
documents are scanned and converted into electronic images to facilitate
storage and reference, and the source documents may not be retained after
conversion. Certain electronic information may exist at a certain point in
time. However, such information may not be retrievable after a specified
period of time if files are changed and if backup files do not exist. An
entity’s data retention policies may require the auditor to request retention
of some information for the auditor’s review or to perform audit procedures
at a time when the information is available.
25.
When the information is in electronic form, the auditor may carry out
certain of the audit procedures described below through CAATs.
Inspection of Records or Documents
26.
Inspection consists of examining records or documents, whether internal or
external, in paper form, electronic form, or other media. Inspection of
records and documents provides audit evidence of varying degrees of
reliability, depending on their nature and source and, in the case of internal
records and documents, on the effectiveness of the controls over their
production. An example of inspection used as a test of controls is inspection
of records or documents for evidence of authorization.
27.
Some documents represent direct audit evidence of the existence of an
asset, for example, a document constituting a financial instrument such as a
stock or bond. Inspection of such documents may not necessarily provide
audit evidence about ownership or value. In addition, inspecting an
executed contract may provide audit evidence relevant to the entity’s
application of accounting policies, such as revenue recognition.
Inspection of Tangible Assets
28.
10
Inspection of tangible assets consists of physical examination of the assets.
Inspection of tangible assets may provide reliable audit evidence with
respect to their existence, but not necessarily about the entity’s rights and
obligations or the valuation of the assets. Inspection of individual inventory
items ordinarily accompanies the observation of inventory counting.
ISA (UK and Ireland) 500
Observation
29.
Observation consists of looking at a process or procedure being performed
by others. Examples include observation of the counting of inventories by
the entity’s personnel and observation of the performance of control
activities. Observation provides audit evidence about the performance of a
process or procedure, but is limited to the point in time at which the
observation takes place and by the fact that the act of being observed may
affect how the process or procedure is performed. See ISA (UK and Ireland)
501, “Audit Evidence—Additional Considerations for Specific Items” for
further guidance on observation of the counting of inventory.
Inquiry
30.
Inquiry consists of seeking information of knowledgeable persons, both
financial and non-financial, throughout the entity or outside the entity.
Inquiry is an audit procedure that is used extensively throughout the audit
and often is complementary to performing other audit procedures. Inquiries
may range from formal written inquiries to informal oral inquiries.
Evaluating responses to inquiries is an integral part of the inquiry process.
31.
Responses to inquiries may provide the auditor with information not
previously possessed or with corroborative audit evidence. Alternatively,
responses might provide information that differs significantly from other
information that the auditor has obtained, for example, information
regarding the possibility of management override of controls. In some
cases, responses to inquiries provide a basis for the auditor to modify or
perform additional audit procedures.
32.
The auditor performs audit procedures in addition to the use of inquiry to
obtain sufficient appropriate audit evidence. Inquiry alone ordinarily does
not provide sufficient audit evidence to detect a material misstatement at the
assertion level. Moreover, inquiry alone is not sufficient to test the
operating effectiveness of controls.
33.
Although corroboration of evidence obtained through inquiry is often of
particular importance, in the case of inquiries about management intent, the
information available to support management’s intent may be limited. In
these cases, understanding management’s past history of carrying out its
stated intentions with respect to assets or liabilities, management’s stated
reasons for choosing a particular course of action, and management’s ability
to pursue a specific course of action may provide relevant information
about management’s intent.
11
ISA (UK and Ireland) 500
34.
In respect of some matters, the auditor obtains written representations from
management1a to confirm responses to oral inquiries. For example, the
auditor ordinarily obtains written representations from management1a on
material matters when other sufficient appropriate audit evidence cannot
reasonably be expected to exist or when the other audit evidence obtained is
of a lower quality. See ISA (UK and Ireland) 580, “Management
Representations” for further guidance on written representations.
Confirmation
35.
Confirmation, which is a specific type of inquiry, is the process of obtaining
a representation of information or of an existing condition directly from a
third party. For example, the auditor may seek direct confirmation of
receivables by communication with debtors. Confirmations are frequently
used in relation to account balances and their components, but need not be
restricted to these items. For example, the auditor may request confirmation
of the terms of agreements or transactions an entity has with third parties;
the confirmation request is designed to ask if any modifications have been
made to the agreement and, if so, what the relevant details are.
Confirmations also are used to obtain audit evidence about the absence of
certain conditions, for example, the absence of a “side agreement” that may
influence revenue recognition. See ISA (UK and Ireland) 505, “External
Confirmations” for further guidance on confirmations.
Recalculation
36.
Recalculation consists of checking the mathematical accuracy of documents
or records. Recalculation can be performed through the use of information
technology, for example, by obtaining an electronic file from the entity and
using CAATs to check the accuracy of the summarization of the file.
Reperformance
37.
Reperformance is the auditor’s independent execution of procedures or
controls that were originally performed as part of the entity’s internal
control, either manually or through the use of CAATs, for example,
reperforming the aging of accounts receivable.
Analytical Procedures
38.
12
Analytical procedures consist of evaluations of financial information made
by a study of plausible relationships among both financial and non-financial
ISA (UK and Ireland) 500
data. Analytical procedures also encompass the investigation of identified
fluctuations and relationships that are inconsistent with other relevant
information or deviate significantly from predicted amounts. See ISA (UK
and Ireland) 520, “Analytical Procedures,” for further guidance on
analytical procedures.
Effective Date
39.
This ISA (UK and Ireland) is effective for audits of financial statements for
periods commencing on or after 15 December 2004.
Public Sector Perspective
Additional guidance for auditors of public sector bodies in the UK and
Ireland is given in:
1.
•
Practice Note 10 “Audit of Financial Statements of Public Sector
Entities in the United Kingdom (Revised)”
•
Practice Note 10(I) “The Audit of Central Government Financial
Statements in Ireland”
When carrying out audits of public sector entities, the auditor takes into
account the legislative framework and any other relevant regulations,
ordinances or ministerial directives that affect the audit mandate and any
other special auditing requirements. In making assertions about the
financial statements, management asserts that transactions and events have
been in accordance with legislation or proper authority in addition to the
assertions in paragraph 15 of this ISA (UK and Ireland).
13
ISA (UK and Ireland) 500
NOTICE TO READERS
© The Auditing Practices Board Limited
This document has been obtained from the website of the Financial Reporting
Council (FRC) and its operating Boards, which includes the Auditing Practices
Board (APB). Use of the website is subject to the WEBSITE TERMS OF USE,
which may be viewed in a separate section of the website. Readers should be aware
that although the FRC and its Boards seek to ensure the accuracy of information on
the website, no guarantee or warranty is given or implied that such information is
free from error or suitable for any given purpose: the published hard copy alone
constitutes the definitive text.
The ISAs (UK and Ireland) are based on International Standards on Auditing of the
same titles, which have been issued by the International Auditing and Assurance
Standards Board and published by the International Federation of Accountants.
14
Related documents
Accounting 241 Outline
Accounting 241 Outline
Evolution of an Automated Internal Audit Management System
Evolution of an Automated Internal Audit Management System
Audit Poster - BSG Colonoscopy Audit
Audit Poster - BSG Colonoscopy Audit
Senior Financial and Operational Auditor
Senior Financial and Operational Auditor
Big Data As Complementary Audit Evidence
Big Data As Complementary Audit Evidence
(financial and operational) auditor internal (financial and operational
(financial and operational) auditor internal (financial and operational
CIS 349 – Information Technology Audit and Control
CIS 349 – Information Technology Audit and Control
Lutz Internal Audit Director 10 22 2015
Lutz Internal Audit Director 10 22 2015
Case
Case
Download
advertisement